3. Publishing Applications to Users
Configuring Windows Application Objects
Creating Windows Application Objects on the Command Line
Configuring Microsoft Windows Terminal Services for Use With SGD
Session Resumability and Session Directory
Multiple Terminal Services Sessions
Terminal Services Group Policies
Keep Alive Configuration for Windows Terminal Servers
Licensing Microsoft Windows Terminal Services
Managing CALs From the Command-Line
Microsoft Windows Remote Desktop
Notes and Tips on Using Seamless Windows
Key Handling for Windows Terminal Services
Supported Keyboard Shortcuts for Windows Terminal Services
The Windows Key and Window Management Keys
Configuring Windows Keyboard Maps
Returning Client Device Information for Windows Terminal Services Sessions
Running Windows Applications on Client Devices
Configuring X Application Objects
Creating X Application Objects on the Command Line
How to Configure SGD to Use Your Own X Fonts
Configuring Character Application Objects
Creating Character Application Objects on the Command Line
Terminal Emulator Keyboard Maps
Terminal Emulator Attribute Maps
How to Create Your Own Attribute Map
How to Create a Dynamic Application
Integrating SGD With Oracle VDI
How to Create a Dynamic Application Server for the VDI Broker
How to Set Global SSH Client Options
How to Set Application SSH Client Options
Enabling X11 Forwarding for X Applications
Using SSH and the X Security Extension
Configuring Application Authentication
The Application Server Password Cache
Managing the Application Server Password Cache
Security and the Password Cache
Windows Domains and the Password Cache
Input Methods and UNIX Platform Applications
Adding Support for System Prompts in Different Languages
Using RSA SecurID for Application Authentication
Tips on Configuring Applications
Starting an Application or Desktop Session Without Displaying a Webtop
Using Multihead Or Dual Head Monitors
Configuring the Correct Desktop Size
Configuring Desktop Size for Client Window Management Applications
Configuring Desktop Size for Kiosk Mode Applications
Improving the Performance of Windows Applications
Improving the Performance of Java Desktop System Desktop Sessions or Applications
Configuring the X Application Object for Java Desktop System
Disabling Default Java Desktop System Settings
Documents and Web Applications
How to Create the Teacher's Application Object
How to Create the Classroom Application Object
Configuring Common Desktop Environment Applications
Configuring a CDE Desktop Session
Configuring the Login Script Used for the Application
Configuring the Transport Variable in the Login Script
Checking the Configuration of the Application Object
Checking the Launch Details and Error Logs
Troubleshooting ErrApplicationServerTimeout Errors
Troubleshooting ErrApplicationServerLoginFailed Errors
An Application Exits Immediately After Starting
Applications Fail To Start When X Authorization Is Enabled
Applications Disappear After About Two Minutes
An Application Session Does Not End When the User Exits an Application
Checking the Session Termination Setting
Windows Applications Do Not Close Down
UNIX Desktop Sessions Do Not Close Down After Logging Out
Users Can Start Applications With Different User Names and Passwords
Using Windows Terminal Services, Users Are Prompted for User Names and Passwords Too Often
Terminal Server Prompts the User
Using Shadowing to Troubleshoot a User's Problem
A Kiosk Application Is Not Appearing Full-Screen
An Application's Animation Appears 'Jumpy'
Font Problems with X Applications
Display Problems With High Color X Applications
The X Application Fails With a Color Planes Error
The X Application Uses Too Much Bandwidth
8-bit Applications Exit With a PseudoColor Visual Error
Clipped Windows With Client Window Management Applications
Display Update Issues When Shadowing Over a Low Bandwidth Connection
Troubleshooting Mouse Drag Delay Issues
Incorrect Time Zone Name Shown in Windows Applications
7. SGD Servers, Arrays, and Load Balancing
B. Secure Global Desktop Server Settings
SGD can use SSH to provide secure connections between SGD servers and application servers. SSH provides the following benefits:
All communication between application servers and SGD servers using SSH is encrypted, including the X protocol if you are running X applications
User names and passwords are always encrypted before being transmitted over the network
This section includes the following topics:
SGD works with SSH version 2 or later. Because of SSH version compatibility problems, use the same major version of SSH, either version 2 or version 3, on all SGD hosts and application servers.
SGD can automatically detect that SSH is installed on the SGD host if SSH is installed in one of the following directories:
/usr/local/bin
/usr/bin
/usr/sbin
/usr/lbin
/bin
/sbin
If you want to run the SSH client from a different location, or
you want to specify particular command-line arguments for the client, see Configuring the SSH Client for
details.
To connect to an application server using SSH, the following must be true:
SSH must be installed on the SGD host and on the application server
The application object’s Connection Method attribute must be ssh
When using SSH with SGD, you can configure the command-line arguments used by the SSH client. The arguments can be configured globally, for individual applications, or a combination of both.
You configure the global options for the SSH client by setting the TTASSHCLIENT environment variable,
see How to Set Global SSH Client Options for details. Use the global SSH client configuration in the following
situations:
SSH is not installed in one of the default locations
To use the same SSH client command-line arguments for all applications
You configure the application options for the SSH client by configuring the SSH Arguments
attribute for the application object, see How to Set Application SSH Client Options for details.
You can combine the global and application SSH client configuration to set the path to the SSH client and set the command-line arguments.
Note - If you do this, any global command-line arguments are ignored.
The following table shows the effect of global and application configuration on the ssh command used.
|
Ensure that no users are logged in to the SGD server and that there are no running application sessions, including suspended application sessions.
Include the full path to the SSH client program and any required command-line arguments. For example:
# TTASSHCLIENT="/usr/local/bin/ssh -q -X"; export TTASSHCLIENT
Note - If you only want to set command-line arguments for the SSH client, you have to include the full path to the SSH client program, even if the SSH program is in a location where SGD can detect it.
To display X applications using SGD using an SSH connection, you must enable
X11 forwarding. See How to Enable X11 Forwarding.
As a fallback, you can enable the Allow SSH Downgrade (--allowsshdowngrade) attribute on X application objects. If this attribute is enabled and X11 forwarding is not working or not configured, SGD tries to display the application using a regular unsecured X11 connection. Depending on your configuration, users might be prompted to accept the downgrade. The following table shows the effect of enabling the Allow SSH Downgrade attribute.
|
If an X11 connection is used, SGD sets the DISPLAY variable and X authorization cookie in the normal way. The SSH connection is only used for application authentication and for starting the application.
Edit the sshd_config file and add the following line:
X11Forwarding yes
Do either of the following:
Edit the ssh_config file and include the following lines:
ForwardAgent yes
ForwardX11 yes
Configure the SSH client to use the -X command-line argument.
See Configuring the SSH Client for details.
SGD supports the X Security extension. The X Security extension only works with versions of SSH that support the -Y option. For OpenSSH, this is version 3.8 or later. You enable the X Security extension by configuring the application objects individual applications as follows:
If SSH connections fail when X authorization is enabled, you might have to run the SSH daemon in IPv4-only mode because SGD might not support the X Security extension used on your server. You enable IP version 4 mode by editing your system SSH configuration file.
For example, on Red Hat Enterprise Linux, edit the /etc/sysconfig/sshd file and add the following line:
OPTIONS="-4"
You must restart the SSH daemon after making this change.
Certain SSH functionality, such as client keys, requires that the SSH client process runs as a privileged user. However, for security reasons, the SGD server processes and the SSH client process run as a non-privileged user.
To use advanced SSH functions, you must make the SGD ttasshhelper application a setuid root process. You do this by running the following commands as superuser (root) on each SGD server in the array:
# chown root /opt/tarantella/bin/bin/ttasshhelper # chmod 4510 /opt/tarantella/bin/bin/ttasshhelper
![]() | Caution - If you make these changes, you must protect your SGD servers from unauthorized access. |
If you are using the SSH client keys functionality, users might be prompted for a user name and password when they start an application. Users are prompted because SGD needs to know the user name to use for the SSH connection. Although users are also prompted for a password, the password is not actually used. Users are only prompted for a user name and password if they do not have an entry in the password cache for the application server, or if the password cache is disabled. If users are prompted, they only need to provide a user name. The password field can be left blank.